Who are we?
Our website address is: https://h2oparapluies.com.
The new European regulation: GDPR
The General Data Protection Regulation (GDPR) is the legal framework for the processing of personal data in Europe, effective May 25, 2018.
Unlike Directive 95/46/EC, which previously governed such processing, the GDPR is directly applicable in the EU and does not require national transposition.
As such, it will promote the harmonization of legal regimes for the protection of personal data in Europe.
Official GDPR information:http://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679
The key terms in these regulations can be defined as follows:
Personal data: personal data refers to any information relating to an identified or identifiable natural person. A person can be identified:
directly (e.g., surname, first name) or indirectly (e.g., by an identifier (customer number), telephone number, etc.). A natural person can be identified:
based on a single piece of information (e.g., email address)
based on the cross-referencing of a set of data (e.g., city of residence, date of birth, etc.)
Data processing: personal data processing is an operation or set of operations involving personal data, regardless of the process used: collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of provision, reconciliation (e.g., maintaining a customer file).
Data controller: the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing.
Subcontractor: the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
As users of a website, what are your rights?
The right to information
To be fair and lawful, the collection of personal data must be accompanied by clear and precise information for individuals on:
- the identity of the data controller;
- the purpose of the file;
- whether responses are mandatory or optional and the consequences of not responding;
- the recipients of the data;
- their rights (right of access, rectification, and opposition);
- any transfers of data to countries outside the EU.
Information must be provided prior to data collection.
The medium used to provide this information varies depending on the characteristics of the file (e.g., information panel for video surveillance, information notice on a form, reading of this information in the case of data collection by telephone).
This page constitutes the information medium for this site for any collection of personal data through it.
Obtaining consent
Consent is an active step taken by the user, which must be explicit and preferably in writing, and must be freely given, specific, and informed.
In an online form, it can take the form, for example, of a checkbox that is unchecked by default. This is the case for the forms on this website.
Consent is “prior” to the collection of data.
The prior consent of the person concerned is required in particular:
- In the case of the collection of sensitive data;
- Reuse of data for other purposes;
- Use of cookies for certain purposes;
- Use of data for electronic commercial prospecting purposes.
The right to object
Individuals must be able to object to the reuse of their contact details by the data controller for solicitation purposes, particularly commercial solicitation, when placing an order or signing a contract.
A checkbox, unchecked by default, must allow them to express their choice directly on the form or order form to be completed. Simply mentioning the existence of this right in the terms and conditions is not sufficient.
Everyone has the right to object, on legitimate grounds, to the processing of their data, unless this is required by law (e.g., tax files).
Rights of access and rectification
Any person may access all information concerning them, find out the origin of the information concerning them, access the information on which the data controller based their decision concerning them (for example, the factors that led to you not being granted a promotion or the score assigned by a bank that led to your credit application being rejected), obtain a copy of it (fees not exceeding the cost of reproduction may be charged), and request that their data be corrected, completed, updated, or deleted, as appropriate.
For this website, you can exercise this right by sending an email to contact@h2oparapluies.com. The email address used must be identical to the one previously provided and to the one to which the access request will be sent.
The right of access may also be exercised:
In writing: by post to the address indicated on the contact page, accompanied by a copy of your ID. Ideally, by registered mail with acknowledgment of receipt.
In person: upon presentation of your ID. You may be accompanied by a person of your choice. The consultation must be long enough to allow you to take notes conveniently and completely. You may request a copy of the data.
The data controller has a maximum response time of two months from the date of receipt of the request. If the request made on site cannot be satisfied immediately, a dated and signed acknowledgment of receipt must be given to the applicant. If the request is incomplete (e.g., lack of identification), the data controller is entitled to request additional information: the time limit is then suspended and starts running again once this information has been provided.
The data controller may:
refuse the request for access: in this case, they must justify their decision and inform the applicant of the means and time limits for appealing against it.
Not respond to requests that are manifestly abusive, in particular because of their number, repetitive or systematic nature (e.g., requests for a full copy of a recording every week).
When the data controller has no data on the person exercising their right of access (e.g., the data has been deleted or the organization has no data on the person), they must nevertheless respond to the requester within two months.
The right of access must be exercised in accordance with the rights of third parties.
Source:https://www.cnil.fr/fr/respecter-les-droits-des-personnes
Learn more about the GDPR: https://www.cnil.fr/fr/rgpd-notions-cles-et-bons-reflexes
Data security, transmission, and hosting
The h2oparapluies.com website is hosted on servers provided by OVH.
As a hosting provider, OVH ensures compliance and evaluates the performance of its systems by conducting regular audits.
All data is hosted on French servers.
Find out more about data protection by OVH:
https://www.ovh.com/fr/protection-donnees-personnelles/securite.xml
https://www.ovh.com/fr/protection-donnees-personnelles/gdpr.xml
The h2oparapluies.com website has a certificate provided by Let's Encrypt and uses the https protocol with the TLS (or Transport Layer Security) protocol version 1.2.
Find out more about the TLS protocol: https://fr.wikipedia.org/wiki/Transport_Layer_Security
When paying for an order, no banking data passes through the servers of the h2oparapluies.com website, but exclusively through its banking organization Crédit Agricole via its e-transaction online payment system (see the Terms and Conditions for more information).
Data security
The h2oparapluies.com website has a certificate provided by Let's Encrypt and uses the https protocol with the TLS (or Transport Layer Security) protocol version 1.2.
Learn more about the TLS protocol:
https://fr.wikipedia.org/wiki/Transport_Layer_Security
GDPR and e-commerce
In this context, SARL SEABISCUIT, which manages the h2oparapluies.com website, undertakes to:
1. limit the collection of website user data to that which is strictly necessary: it is within the framework of this approach that when SARL SEABISCUIT orders a service or product, you only provide the data necessary for it to provide billing, support, and order tracking services
2. Comply with its legal obligations regarding data retention (in particular on the basis of Law No. 2004-575 of June 21, 2004 on confidence in the digital economy).
3. not use the data collected for purposes other than those for which it was collected (no resale or transfer to third parties other than service providers or subcontractors, and only within the scope of the use specified above).
4. Keep personal data for a limited and proportionate period of time. Data processed for the purposes of managing the relationship between the customer and SARL SEABISCUIT (surname, first name, postal address, email, etc.) is retained by SARL SEABISCUIT for the duration of the commercial transaction and for the following thirty-six (36) months. At the end of this period, it is deleted from all media and backups.
5. not to transfer this data to third parties other than the service providers of SARL SEABISCUIT involved in the execution and monitoring of commercial transactions (accounting firm, Colissimo or Chronospost shipping company, etc.).
6. Implement appropriate technical and organizational measures to ensure a high level of security (see below for hosting and storage of personal data).
GDPR and newsletter
SEABISCUIT LLC, which manages the h2oparapluies.com website, does not currently offer any form of newsletter subscription on this site.
GDPR and contact form
Contact forms are direct contact modules that work as follows: the user of the form fills in the required and optional fields, and these fields are sent directly by email to the recipient at SARL SEABISCUIT.
No data is stored on the site's servers or databases.
This data is used exclusively for processing the user's request (reservation, request for information, quote, etc.). It will not be transmitted to third parties, unless expressly requested by the user and explicitly indicated in the form or following exchanges with SARL SEABISCUIT. The email containing the user's personal data will remain stored on the mail server of the recipient at SARL SEABISCUIT for the duration of the complete processing and follow-up of the request, for an indefinite period.
Users who have sent their personal data retain the right to rectify and delete this data, which they may exercise by sending a message or letter (see section “rights of access and rectification” above).
GDPR and tracking of website usage by Google Analytics
The h2oparapluies.com website uses Google Analytics services to track the functioning, traffic, and visits to its pages. An Analytics tag is therefore applied to the various pages of the website in order to determine how visitors use them (length of visit, etc.).
To do this, Google Analytics collects anonymous data from visitors using their IP address. This is not communicated to SARL SEABISCUIT.
The information received from Google Analytics concerning visits to the site includes:
- visitors' geographical location (no address, only a city, postal code, or region)
- type of device used (no specific model or name, but computer, smartphone, or tablet)
- pages visited
- length of visit (on the site and per page)
- links followed
This data is collected for purely statistical purposes and is not used for remarketing purposes under any circumstances.
Google Analytics is committed to data protection:
Protecting your data
Google is committed to keeping your information secure on its computer systems and has implemented a multi-level security strategy across the company.
The Google Analytics privacy and security principles outline the various measures we take to ensure your data is protected.
Our privacy policy
At Google, we are fully aware of the trust you place in us and our responsibility to protect your personal data. That's why we tell you what information we collect when you use our products and services, why we collect it, and how we use it to better meet your expectations. Google's privacy principles and policies describe how we treat your personal information when you use Google products and services, such as Google Analytics.
Google Analytics cookies
Google Analytics uses internal cookies to generate reports on visitor interactions with your website. These cookies are used to store information that does not personally identify Internet users. Internal cookies stored in browsers are not valid from one domain to another.
For customers using the Google Analytics for Display Advertisers feature, a third-party DoubleClick cookie is used to enable certain features such as remarketing for products like AdWords on the Google Display Network. For more information about this cookie, see the Advertising Privacy FAQ. To manage your settings related to this cookie and disable this feature, go to the Ads Settings page.
Customers who have enabled the analytics.js collection method through Universal Analytics can choose whether or not to use a cookie. If they decide to do so, the information stored in the local first-party cookie is reduced to a random identifier (e.g., 12345.67890).
Use of IP addresses
Every computer or device connected to the Internet is assigned an IP (Internet Protocol) address. IP addresses are generally assigned in blocks for each country. They can therefore be used to identify the country, region, and city from which the computer is connecting to the Internet. Since websites must use IP addresses for the Internet to function, website owners have access to the IP addresses of their visitors, whether or not they use Google Analytics. Google Analytics uses IP addresses to ensure the security of the service and to tell website owners which region of the world their visitors come from (this is called “IP geolocation”).Under no circumstances does Google Analytics disclose the IP addresses themselves to its customers. In addition, using a method called IP address masking, website owners using Google Analytics can request that only part (rather than all) of the IP address be used for geolocation.
Data privacy
Google Analytics protects the privacy of your data in several ways:
Google Analytics customers are not permitted to transmit personal information to Google.
The Google Analytics Terms of Service, which all Google Analytics customers must comply with, prohibit the transmission of personal information to Google Analytics. This information includes any data that could be used by Google to identify an individual, including (but not limited to) names, email addresses, or banking information.
No data sharing without prior consent
Google Analytics data must not be shared without the user's prior consent, except in certain limited circumstances, such as a court order.
Google Analytics' ongoing investment in security
Dedicated Google engineering teams are responsible for protecting data from external threats. Internal access to data (e.g., by employees) is strictly controlled. Employees are also subject to procedures and access controls.
Privacy solutions
Google allows website owners who have implemented Google Analytics to decide more freely how Google Analytics collects their data.
Browser add-on to disable Google Analytics
Website visitors who do not want their data to be transmitted by Google Analytics JavaScript methods can install the browser add-on to disable Google Analytics. This add-on prevents JavaScript methods (ga.js, analytics.js, and dc.js) from sending data about visitors' visits to Google Analytics. It is available for most recent browsers. Please note that even if the add-on is installed, data may still be sent to the website in question or, through other means, to other Internet audience analysis services. Learn more about the browser add-on to disable Google Analytics.
Disabling Google Analytics and implementing independent disabling solutions
Some website owners using Google Analytics JavaScript methods (ga.js, analytics.js, and dc.js) can disable tracking on a page without having to remove the Google Analytics JavaScript code snippet. They can also create their own notifications and solutions for their site visitors or implement privacy solutions designed by third-party developers. Learn more about methods for site owners to disable tracking.
Ad settings
Some websites using Google Analytics implement the remarketing feature with Google Analytics, which uses the DoubleClick third-party cookie. Users can disable this feature and manage their settings for this cookie using Ads Settings.
Information about the Google Analytics measurement protocol/SDK and the option to disable it
Owners of a website, app, or any other digital service or device that implements another collection method and/or feature via the Google Analytics SDK or measurement protocol must, according to the Program Policies, inform users and offer them a choice (e.g., to opt out).
Data sharing settings
Google Analytics data sharing settings allow you to share your account data with other products and services. Data sharing allows us to obtain information about your use of Google Analytics, which we can then use to design optimized features and training materials for you. There are several types of data sharing settings. You can change them at any time. If no option is selected, your account data is excluded from any automated processes that are not specifically related to the operation and improvement of Google Analytics, or to protecting data security and integrity. Learn more about changing your account's data sharing settings.Account administrators' control over data
Account administrators own their Google Analytics data.Account users can export their aggregated data reports at any time from Google Analytics using the XML, PDF, or CSV download options, or via the Google Analytics core reporting API. This exported data can then be used with other applications or services that they use in conjunction with Google Analytics, or completely independently.
Account users can also delete a profile in their Google Analytics account at any time.
Procedures and access controls for employees
We classify Google Analytics data as confidential information. Access controls for employees protect customer data from unauthorized access. We also conduct audits to ensure that these controls are being enforced.All account data is confidential and subject to the provisions of Google's Privacy Policy.
Access to customer account data may be granted on a strict need-to-know basis when an employee requires it to perform their job. Employees requesting access to data must explain why they are requesting it. They must also be familiar with the rules governing access, accept the terms of use, and have their request approved.
Customer advisors and support teams cannot access customer account data without the explicit permission of the customer concerned.
When accessing customer data, employees limit their activities to the reports they need to complete their officially assigned tasks.
Employees are not permitted to access data using network devices that do not belong to Google or have not been approved by Google.
Data security
When computing is web-based, data and application security is paramount. To prevent unauthorized access, Google devotes significant resources to securing applications and data processing.Data is stored in an encoded format optimized for performance, rather than in a traditional file system or database. To ensure redundancy and enable adequate access, it is distributed across a number of logical and physical volumes, thereby compromising any attempts at tampering.
Google applications run in a distributed “multi-tenant” environment. Rather than storing each customer's data on a single machine or set of machines, data from all Google customers (individuals, businesses, and even Google's own data) is distributed across a shared infrastructure. This infrastructure consists of many homogeneous Google machines that are hosted in Google data centers.
Operational security and disaster recovery
To limit service interruptions due to hardware failures, natural disasters, or other events, a comprehensive disaster recovery program is implemented in every Google data center. This program includes multiple components designed to eliminate single points of failure. For example, it includes the following:Data duplication
To ensure availability in the event of a disaster, Google Analytics data stored in distributed file systems is duplicated in separate systems hosted in different data centers.
Geographic distribution of data centers
Google has set up several data centers in different geographic areas to ensure service continuity in the event of a disaster or incident in a given region. In addition, high-speed connections between data centers enable rapid IT failover. Data center management is also distributed to provide 24-hour system administration and coverage that is independent of geographic location.
Resilient and redundant infrastructure
Google's computing clusters have been designed with resilience and redundancy in mind. This minimizes single points of failure and the impact of environmental risks and common equipment failures. We therefore duplicate the circuits, switches, networks, and other devices necessary to enable redundancy. Data center infrastructures are robust, fault-tolerant, and can be maintained simultaneously.
Plan de continuité en cas de sinistreIn addition to data redundancy and data centers spread across different regions, Google has a business continuity plan for its headquarters in Mountain View, California. This plan covers major disasters, such as earthquakes or health crises, and takes into account the fact that people and services may be unavailable for up to 30 days. It is designed to enable the continued operation of our services for our customers.
Information as stipulated by Google on May 31, 2018
Source : https://www.google.com/analytics/learn/privacy.html?hl=fr
More information about Google's data protection in connection with Google Analytics:
https://support.google.com/analytics/answer/6004245?hl=fr
Embedded content from other websites
Articles on this website may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed third-party tracking tools, and track your interactions with this embedded content if you have an account logged in to their website.